-D-Bus 1.8.18 (UNRELEASED)
+D-Bus 1.9.10 (UNRELEASED)
==
-...
-
-D-Bus 1.8.16 (2015-02-09)
-==
-
-The “poorly concealed wrestlers” release.
++The “sad cyborgs” release.
+
+ Security fixes:
+
+ • Do not allow non-uid-0 processes to send forged ActivationFailure
+ messages. On Linux systems with systemd activation, this would
+ allow a local denial of service: unprivileged processes could
+ flood the bus with these forged messages, winning the race with
+ the actual service activation and causing an error reply
+ to be sent back when service auto-activation was requested.
+ This does not prevent the real service from being started,
+ so it only works while the real service is not running.
+ (CVE-2015-0245, fd.o #88811; Simon McVittie)
+
+Enhancements:
+
+• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
+ similar tools receive messages without altering the security properties
+ of the system bus, by calling the new BecomeMonitor method on a
+ private connection. This bypasses the normal <allow> and <deny> rules
+ entirely, so to preserve normal message-privacy assumptions, only root
+ is allowed to do this on the system bus. Restricted environments,
+ such as Linux with LSMs, should lock down access to the Monitoring
+ interface. (fd.o #46787, Simon McVittie)
+
+• dbus-monitor uses BecomeMonitor to capture more traffic, if the
+ dbus-daemon supports it and access permissions allow it.
+ It still supports the previous approach ("eavesdropping" match rules)
+ for compatibility with older bus daemons. (fd.o #46787, Simon)
+
+• dbus-monitor can now log the message stream as binary data for later
+ analysis, with either no extra framing beyond the normal D-Bus headers,
+ or libpcap-compatible framing treating each D-Bus message
+ as a captured packet. (fd.o #46787, Simon)
+
- Fixes:
+ Other fixes:
-• fix a Windows build failure (fd.o #88009, Ralf Habacker)
+• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)
+
+• On Unix, forcibly terminate regression tests after 60 seconds to
+ prevent them from blocking continuous integration frameworks
+ (fd.o #46787, Simon)
+
+D-Bus 1.9.8 (2015-02-03)
+==
+
+The “all the types of precipitation” release.
+
+Dependencies:
+
+• full test coverage now requires GLib 2.36
+• full test coverage now requires PyGI (PyGObject 3,
+ "import gi.repository.GObject") instead of the
+ obsolete PyGObject 2 ("import gobject")
+
+Enhancements:
+
+• add GLib-style "installed tests" (fd.o #88810, Simon McVittie)
+
+• better regression test coverage, including systemd activation
+ (fd.o #57952, #88810; Simon McVittie)
+
+Fixes:
+
+• fatal errors correctly make the dbus-daemon exit even if <syslog/> is
+ turned off (fd.o #88808, Simon McVittie)
+
+• TCP sockets on Windows no longer fail to listen approximately 1 time
+ in 256, caused by a logic error that should have always made it fail but
+ was mitigated by incorrect endianness for the port number
+ (fd.o #87999, Ralf Habacker)
+
+• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker)
• on Windows, allow up to 8K connections to the dbus-daemon instead of the
previous 64, completing a previous fix which only worked under
send_interface="org.freedesktop.DBus"
send_member="UpdateActivationEnvironment"/>
<deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Debug.Stats"/>
++ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.systemd1.Activator"/>
+ </policy>
+
+ <!-- Only systemd, which runs as root, may report activation failures. -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.systemd1.Activator"/>
</policy>
+ <!-- root may monitor the system bus. -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Monitoring"/>
+ </policy>
+
+ <!-- If the Stats interface was enabled at compile-time, root may use it.
+ Copy this into system.local.conf or system.d/*.conf if you want to
+ enable other privileged users to view statistics and debug info -->
+ <policy user="root">
+ <allow send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus.Debug.Stats"/>
+ </policy>
+
<!-- Config files are placed here that among other things, punch
holes in the above policy for specific services. -->
<includedir>system.d</includedir>